search for: egress

I am successfully running ingress (IMQ) and egress (HTB) shaping on a bridge. Is there any way to combine and share the bandwidth between ingress and egress? Example: I have set up www service for egress at 128 KB and ingress at 256 KB. The shaping on them works fine separately. However, I want to create a single virtual pipe for www traffic and...

https://bugzilla.netfilter.org/show_bug.cgi?id=1673 Bug ID: 1673 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter:...

I have two interfaces, eth0 and eth1 but i can''t discern the egress traffic than ingress traffic. I need to apply htb qdisc in both directions, and I read that I need the IMQ patch to do this, because in ingress qdisc i can''t apply htb qdisc...but where is the ingress qdisc? affect the traffic that goes from eth0 to eth1 or is for the traffic that goes fro...

https://bugzilla.netfilter.org/show_bug.cgi?id=1672 Bug ID: 1672 Summary: bug egress hook virtio interface with VLAN Product: nftables Version: 1.0.x Hardware: All OS: other Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter...

...earning tcng without having experiance of tc and I am trying to build something that shall schedule traffic dependent on the value in the IPv4 packets ip_ttl field. I have read the tcng reference manual and cannot find information about forwarding. Is it possible to farward packets from ingress to egress without sending them upwards in layers? NIC---->ingress---->forward----->egress----> In ingress I do some metering and in egress: classifying and Queuing. Example (basic part of the source): #includes #defines dev eth1 { $P = bucket(rate 1Mbps, burst 2kB, mpu 64B); ingress {...

On a router, there is no need for and IMQ because there is always an egress path. For example: Internet -> eth1 -> iptables -> routing -> ... -> egress qdisc -> eth0 -> LAN LAN -> eth0 -> iptables -> routing -> .... -> egress qdisc -> eth1 -> Internet Local Process / Proxy -> routing -> iptables -> egress qdisc...

Hi, I have a Debian that is connected to Internet in eth0, and to a LAN in eth1. I wanted to control traffic with HTB, dividing it depending on what kind of traffic is (Mail, Application Server and others). Would it be good to use HTB qdisc in eth0 egress to control outgoing traffic and HTB qdisc in eth1 egress to control incoming traffic? Or the only way to control incoming traffic is with eth0 ingress? Thanks very much, tizo

...possibility with IFB. I don''t want to use IMQ because it''s not integrated to my kernel v2.6.21.1 and I didn''t find IMQ patches for it nor for the iptables package I use (v1.3.7). I''ve found some sample for ingress shaping with IFB. But my goal is to make global “egress” shaping on an IFB device grouping my two 802.1q devices (let''s say eth0.10 and eth0.20 redirected to ifb0). I''m using the following commands to create a QoS simple tree : ip link set up dev ifb0 tc qdisc add dev ifb0 root handle 1: htb default 3 tc class add dev ifb0 parent 1:...

...graded to Fedora Core 2 in the next month or so. Now with all that said, here is my question. I see that maintenance of IMQ has been passed on a couple of times. I see some people say that IMQ is not stable and should not be put into a production environment. My use of IMQ a year ago invovled only egress qdiscs using HTB and SFQ because the egress qdiscs were much more powerful and better than the ingress qdisc. The only problem that I ever had with IMQ was using the iptables target with both PREROUTING and POSTROUTING. I see Roy has posted that IMQ essentially crashes when doing egress shaping. Is...

...es me this error: tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10 RTNETLINK answers: Invalid argument if I don''t put the "perturb 10" option, it works. another question is about iptables, when I indicate the " --set-mark" option: iptables -t mangle -A egress -s 10.0.0.124 -j MARK --set-mark 1323 iptables: Invalid argument which will be the problem? I''m using Debian testing, with kernel 2.6.9 compiled with netfilter patches, iptables 1.2.11, iproute2 2.6.9-1, and I have these modules loaded: Module Size Used by ebt_mark_m...

Hi all I''m new to this list, but not exactly to iproute stuff. I''d like to solve a specific problem with bandwidth coming from different external sources towards the internal network (also the other way around, but I figure that''s not so much a problem, since that is egress traffic shaping). The network looks like this: internet ------ ISP-------[shaping/router] | | +- net1 -------- host1 mirrors host2 +- net2 in text: we connect to the internet via an ISP, where we also have...

...op the packet and not forward it back to the host. This is called "split-horizon filtering" (SPH) [1]. FRR configures SPH filtering using two tc filters. The first, an ingress filter that matches on packets received from VTEP1 and marks them using a fwmark (firewall mark). The second, an egress filter configured on the LAG interface connected to the host that matches on the fwmark and drops the packets. Example: # tc filter add dev vxlan0 ingress pref 1 proto all flower enc_src_ip $VTEP1_IP action skbedit mark 101 # tc filter add dev bond0 egress pref 1 handle 101 fw action drop Motiv...

...op the packet and not forward it back to the host. This is called "split-horizon filtering" (SPH) [1]. FRR configures SPH filtering using two tc filters. The first, an ingress filter that matches on packets received from VTEP1 and marks them using a fwmark (firewall mark). The second, an egress filter configured on the LAG interface connected to the host that matches on the fwmark and drops the packets. Example: # tc filter add dev vxlan0 ingress pref 1 proto all flower enc_src_ip $VTEP1_IP action skbedit mark 101 # tc filter add dev bond0 egress pref 1 handle 101 fw action drop Motiv...

Hi all, I've run into a case where the optimizer seems to be having trouble doing the "obvious" thing. Consider this code: ``` define i16 @foo(<8 x i16>* dereferenceable(16) %egress, <16 x i8> %a0) { %a1 = icmp slt <16 x i8> %a0, zeroinitializer %a2 = bitcast <16 x i1> %a1 to i16 %astore = getelementptr inbounds <8 x i16>, <8 x i16>* %egress, i64 0, i64 7 ;store i16 %a2, i16* %astore ret i16 %a2 } ``` The optimizer recognizes t...

Hi all, Supposedly my router is itself streaming traffic to clients. Is it possible for it to mark its packets before going through dsmark?? I have gone through the examples in iproute2/examples, i noticed that there''s always an ingress and egress of which these are 2 different dev. Is it possible for before ingress and egress be the same dev?? I tried the script below but doesn''t seem to work... How to control the bandwidth in this case?? I want to show that AF11, AF21, AF31, AF41, EF, BE traffic has different throughput if 6 full...

..., do I have to hack into the source? Alternatives, like a filter spitting packets to 2 different DSMARK based on this ratio? In long: I''m a hungarian univ student involved in a project (RMD-QoS stuff) which needs the following: \ This node has 3 ingress and 1 egress link, all have for ex. 10 Mbit \ limit to their traffic. \ --- node ----- Suppose ingress traffic is: 8 + 3 +5 = 16 while the egress / link will be congested with 10. Because this node is a simple, / intradomain router, we wo...

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress classifiers will act before the packet leave the kernel and enter to the vpn tunnel, is this correct? Here''s my situation , i have a "headquarter" box that is a database (to call it wi...

...5 + local ageing_time + + RET=0 + ageing_time=$(bridge_ageing_time_get br0) + tc qdisc add dev $swp2 clsact + ip link set dev br0 type bridge ageing_time $LOW_AGEING_TIME + bridge link set dev $swp1 learning on locked on + + bridge fdb replace $mac dev $swp1 master dynamic + tc filter add dev $swp2 egress protocol ip pref 1 handle 1 flower \ + dst_ip 192.0.2.2 ip_proto udp dst_port 12345 action pass + + $MZ $swp1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \ + -a $mac -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q + tc_check_packets "dev $swp2 egress" 1 1 + check_err $? "Packet...

Hello Tom! After i read and analyze some docs about IFB i decide that for implement this feature in Shorewall not need more efforts (of course i may be wrong). If we have 'ifb0' device then we must activate ingress discipline on real device (f.e. eth2) and redirect 'egress' from it to 'ifb0'. tc qdisc add dev eth2 ingress tc filter add dev eth2 parent ffff: protocol ip \ u32 match u32 0 0 action mirred egress redirect dev ifb0 And then we can use 'tcrules' and 'tcclasses' for configuration egress discipline of the 'ifb0'...

I''m beginning to think again about what will be different in 2.0. Here are some thoughts. a) User-defined actions will be emphasized. - A library of actions will be available with names such as: AcceptSSH AcceptDNS DropWindows (drops all SMB noise) DropBroadcasts (Silently drop all Broadcast traffic) ... The possibilities are nearly endless but should